Lucene search
HistoryFeb 22, 2006 - 2:02 a.m.
CVE-2006-0844
cve-2006-0844
authentication bypass
cookie
leif m. wright's blog 3.5
nvd
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.8 Medium
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
78.9%
Leif M. Wright’s Blog 3.5 does not make a password comparison when authenticating an administrator via a cookie, which allows remote attackers to bypass login authentication, probably by setting the blogAdmin cookie.
Affected configurations
Node
leif_m._wrightweb_blogMatch3.5
| CPE | Name | Operator | Version |
|---|---|---|---|
| leif_m._wright:web_blog | leif m. wright web blog | eq | 3.5 |
Related
prion
prion
Authentication flaw
2006-02-22 02:02:00
cvelist
cvelist
CVE-2006-0844
2006-02-22 02:00:00
nvd
nvd
CVE-2006-0844
2006-02-22 02:02:00
securityvulns
securityvulns
[eVuln] Leif M. Wright's Blog Multiple Vulnerabilities
2006-03-01 00:00:00
packetstorm
packetstorm
EV0082.txt
2006-03-03 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.8 Medium
AI Score
Confidence
Low
0.006 Low
EPSS
Percentile
78.9%
Related for CVE-2006-0844